CISCO Wireless LAN Controller Software

Specifications

• Feature: Efficient Image Upgrade
• Compatibility: Not recommended for controllers running Cisco IOS XE Amsterdam 17.3.x with Cisco Catalyst 9124AX and Cisco Catalyst 9130AX APs in the same group.

Product Usage Instructions

QEnable Pre-Download (GUI)

1. Go to Configuration > Wireless > Access Points.
2. In the Access Points page, expand the All Access Points section and click the name of the AP to edit.
3. In the Edit AP page, click the Advanced tab.
4. Under the AP Image Management section, click Predownload.
5. Click Update & Apply to Device to enable Pre-Download.

Enable Pre-Download (CLI)

1. Enter global configuration mode by using the command:
   configure terminal.
2. Create a wireless profile flex by entering: wireless
profile flex flex-profile.
3. Enable predownload of the image by using:
   predownload.
4. Exit configuration mode by entering: end.

Configuring a Site Tag (CLI)

1. Access global configuration mode with: configure
terminal.
2. Create a site tag by using: wireless tag site
site-name.
3. Configure a flex profile by entering: flex-profile
flex-profile-name.
4. Add a description for the site tag with: description
site-tag-name.
5. Save and exit configuration mode by using:
   end.

Efficient Image Upgrade

• Efficient Image upgrade is an efficient way of pre-downloading the image to the APs. It works similarly to – subordinate model. An AP per model becomes the primary AP and downloads the image from the controller through the WAN link. Once the primary AP has downloaded the image, the subordinate APs start downloading the image from the primary AP. In this way, WAN latency is reduced. Primary AP selection is dynamic and random. A maximum of three subordinate APs per AP model can download the image from the primary AP.

Note: Do not enable this feature on controllers running Cisco IOS XE Amsterdam 17.3.x when there are Cisco Catalyst 9124AX and Cisco Catalyst 9130AX APs in the same group.

Enable Pre-Download (GUI)

• Step 1: Choose Configuration >Wireless > Access Points.
• Step 2: In the Access Points page, expand the All Access Points section and click the name of the AP to edit.
• Step 3: In the Edit AP page, click the Advanced tab and from the AP Image Management section, click Predownload.
• Step 4: Click Update & Apply to Device.

Enable Pre-Download (CLI)

Procedure

	Command or Action	Purpose
Step 1	configure terminal Example: Device# configure terminal	Enters the global configuration mode.
Step 2	wireless profile flex flex-profile Example: Device(config)# wireless profile flex rr-xyz-flex-profile	Configures a flex profile and enters the flex profile configuration mode.
Step 3	predownload Example: Device(config-wireless-flex-profile)# predownload	Enables predownload of the image.
Step 4	end Example: Device(config-wireless-flex-profile)# end	Exits the configuration mode and returns to privileged EXEC mode.

Configuring a Site Tag (CLI)

Follow the procedure given below to configure a site tag:

Procedure

	Command or Action	Purpose
Step 1	configure terminal Example: Device# configure terminal	Enters global configuration mode.
Step 2	wireless tag site site-name Example: Device(config)# wireless tag site rr-xyz-site	Configures a site tag and enters site tag configuration mode.
Step 3	flex-profile flex-profile-name Example: Device(config-site-tag)# flex-profile rr-xyz-flex-profile	Configures a flex profile. Note: You cannot remove the flex profile configuration from a site tag if the local site is configured on the site tag.   Note: The no local-site command needs to be used to configure the Site Tag as Flexconnect; otherwise, the Flex profile config does not take effect.
Step 4	description site-tag-name Example: Device(config-site-tag)# description “default site tag”	Adds a description for the site tag.
Step 5	end Example: Device(config-site-tag)# end	Saves the configuration and exits configuration mode and returns to privileged EXEC mode.
Step 6	show wireless tag site summary Example: Device# show wireless tag site summary	(Optional) Displays the number of site tags. Not:  To view detailed information about a site, use the show wireless tag site detailed site-tag-name command.   Note: The output of the show wireless loadbalance tag affinity wncd wncd-instance-number command displays the default tag (site-tag) type if both sthe ite tag and policy tag are not configured.

Attaching Policy Tag and Site Tag to an AP (CLI)

Follow the procedure given below to attach a policy tag and a site tag to an AP:

Procedure

	Command or Action	Purpose
Step 1	configure terminal Example: Device# configure terminal	Enters global configuration mode.
Step 2	ap mac-address Example: Device(config)# ap F866.F267.7DFB	Configures a Cisco AP and enters AP profile configuration mode. Note: The MAC address should be wired.
Step 3	policy-tag policy-tag-name Example: Device(config-ap-tag)# policy-tag rr-xyz-policy-tag	Maps a policy tag to the AP.
Step 4	site-tag site-tag-name Example: Device(config-ap-tag)# site-tag rr-xyz-site	Maps a site tag to the AP.
Step 5	rf-tag rf-tag-name Example: Device(config-ap-tag)# rf-tag rf-tag1	Associates the RF tag.
Step 6	end Example: Device(config-ap-tag)# end	Saves the configuration, exits configuration mode, and returns to privileged EXEC mode.
Step 7	show ap tag summary Example: Device# show ap tag summary	(Optional) Displays AP details and the tags associated with it.
Step 8	show ap name <ap-name> tag info Example: Device# show ap name ap-name tag info	(Optional) Displays the AP name with tag information.
Step 9	show ap name <ap-name> tag detail Example:	(Optional) Displays the AP name with tag details.

	Command or Action	Purpose
	Device# show ap name ap-name tag detail..

Trigger Predownload to a Site Tag

Follow the procedure given below to trigger image download to the APs:

Procedure

	Command or Action	Purpose
Step 1	enable Example: Device> configure terminal	Enters the privileged EXEC mode.
Step 2	ap image predownload site-tag site-tag start Example: Device# ap image predownload site-tag rr-xyz-site start	Instructs the primary APs to start image predownload.
Step 3	show ap master list Example: Device# show ap master list	Displays the list of primary APs per AP model per site tag.
Step 4	show ap image Example: Device# show ap image	Displays the pre-downloading state of primary and subordinate APs Note: To check if the Flexefficient image upgrade is enabled in the AP, use the show capwap client rcb command on the AP console.

The following sample outputs display the functioning of the Efficient Image Upgrade feature:

The following output displays the primary AP.

• Device# show ap master list
• AP Name Site TagWTP Mac AP Model ———–
• AP0896.AD9D.3124
• f80b.cb20.2460 AIR-AP2802I-D-K9 ST1

The following output shows that the primary AP has started pre-downloading the image.

• Device# show ap image
• Total number of APs: 6
• AP Name Primary Image Backup Image Predownload Status Predownload Version
• Next Retry Time Retry Count ———————————–APE00E.DA99.687A 16.6.230.37 0.0.0.0 None 0.0.0.0

The following output shows that the primary AP has completed predownload, and the predownload has been initiated in the subordinate AP.

Device# show ap image.

The following output shows the mage status of a particular AP.

• Device# show ap name APe4aa.5dd1.99b0 image
• AP Name: APe4aa.5dd1.99b0
• Primary Image  16.6.230.46
• Backup Image: 3.0.51.0
• Predownload Status  None
• Predownload Version:000.000.000.000
• Next Retry Time: /A
• Retry Count : 0
• The following output shows predownload completion on all APs.
• Device# show ap image
• Total number of APs: 6
• Number of APs
• Initiated : 0
• Predownloading : 0
• Completed predpre-downloading
• Not Supported : 0
• Failed to Predownload : 0

Feature History for Out-of-Band AP Image Download

• This table provides release and related information for the feature explained in this module.
• This feature is available in all the releases after the one in which it is introduced, unless noted otherwise.

Table 1: Feature History for Out-of-Band AP Image Download

Release	Feature	Feature Information
Cisco IOS XE Dublin 17.11.1	Out-of-Band AP Image Download	The AP image upgrade method is enhanced to make the upgrades faster and more flexible.

Information About Out-of-Band AP Image Download

• In WLAN deployments, the APs gather their software image and configuration from the controller (in-band) during the join, predownload, and upgrade phases over the CAPWAP control path. This mechanism has limitations in the context of CAPWAP window size, processing of CAPWAP packets, and parallel image downloads. With image upgrade being a significant activity in the lifecycle of APs, upgrades become a time-consuming activity when the deployment size increases, especially for remote deployments, because the image always comes from the controller, irrespective of the deployment types.
• To make upgrades faster and more flexible, the AP image upgrade method is enhanced in Cisco IOS XE Dublin 17.11.1 release. An enhanced web server (nginx) running on the controller helps the AP image downloads to be available out of the CAPWAP path (out of band).

Note

• HTTPS configuration done at the global level applies to all the APs joining the controller.
• When AP image download over an Out-of-Band method fails, the download falls back to the CAPWAP method, as a result of which the APs will not be stranded.
• AP image download over HTTPS may fail if the HTTPS server Trustpoint has a chain of CA certificates.
• Before you downgrade from Cisco IOS XE Dublin 17.11.1 to an earlier version, ensure that the Out-of-Band AP Image Download feature is disabled, as it is not supported in previous releases.

Restrictions for Out-of-Band AP Image Download

This feature is not supported on the following platforms:

• Cisco Embedded Wireless Controller on Catalyst Access Points
• Cisco Embedded Wireless Controller on Catalyst Switches
• Cisco Wave 1 Access Points

Download AP Image from Controller Using HTTPS (CLI)

Before you begin

• HTTPS configuration must be enabled.
• The NGINXx server must be running on the controller. Use the show platform software yang-management process command to check whether the nginx server is running.
• The custom-configured port must be reachable between the controller and the corresponding AP.

Procedure

	Command or Action	Purpose
Step 1	configure terminal Example: Device# configure terminal	Enters the global configuration mode.
Step 2	ap upgrade method https Example: Device(config)# ap upgrade method https	Configures the corresponding AP to download the image over HTTPS from the controller if the AP supports the out-of-band AP image download method. You can check whether the AP supports efficient download method using the show ap config general command. Use the no form of this command to disable the out-of-band AP image download method.
Step 3	ap file-transfer https port port_number Example: Device(config)# ap file-transfer https port 8445	Configures a custom port for image download from the nginx server running on the controller. For the HTTPS port, the valid values range from 0 to 65535, with a default of 8443. You cannot use port 443 for AP file transfers because it is the default port used for other HTTPS requests. Also, avoid configuring standard and well-known ports because the configuration may fail.

	Command or Action	Purpose
		By default, the Efficient AP image download feature uses port 8443 for HTTPS. If the same port is configured for HTTPS access for controller GUI, then GUI access will not work. In such instances, use a port number other than 8443 for controller GUI Access or configure a different port for AP file transfer over HTTPS instead of 8443. Port 8443 is customizable. A sample config is given below: Source= wireless controller Destination= Access Point Protocol=HTTPS Destination Port=8443 Source Port=any Description= “Out of Band AP Image Download”
Step 4	end Example: Device(config)# end	Returns to privileged EXEC mode.

Download AP Image from Controller Using HTTPS (GUI)

Procedure

• Step 1: Choose Configuration >Wireless >Wireless Global.
• Step 2: In the AP Image Upgrade section, enable the HTTPS Method to allow image download on APs from the controller, over HTTPS. This out-of-band file transfer is an efficient method for AP image upgrade.
  Note
  • The AP should support out-of-band image download. You can verify this in the Configuration >Wireless > Access Points window. Select the AP, and in the Edit AP > Advanced tab, view the details of the support in the AP Image Management section.
• Step 3: Enter the HTTPS Port to designate AP file transfers on that port. Valid values range from 0 to 65535, with the default being 8443. Note that you cannot use port 443 for AP file transfers because that is the default port for other HTTPS requests.
  • By default, the Efficient AP image download feature uses port 8443 for HTTPS. If the same port is configured for HTTPS access for the controller GUI, then GUI access will not work. In such instances, use a port number other than 8443 for controller GUI Access or configure a different port for AP file transfer over HTTPS instead of 8443.
• Step 4: Click Apply to Device to save the configuration.

Verifying Image Upgrade
To check whether an AP supports an efficient download method, use the following command:

• Device# show ap config general
• Cisco AP Name AP002C.C862.E880
• Cisco AP Identifier:002c.c88b.0300
• Country Code: multiple Countries: I, US
• Re gulatory Domain Allowed by Country: 82.11bg:-A 802.11a:-ABDN
• AP Country Code: US – United States
• AP Regulatory Domain
• 802.11bg : -A
• AP Upgrade Out-Of-Band Capability  Enabled
• AP statistics: Disabled

To view the AP image download statistics, use the following command.

Use the show ap image command to see the detailed output.

• Device# show ap image summary
• Total number of APs :
• Number of APs
• Initiated : 0
• Downloading : 0
  Predownloading : 0
• Completed downloading : 0
• Completed predpre-downloading
• Not Supported : 0
• Failed to Predownload : 0
• Predownload in progress: No
• To view the method used to download the AP image, use the following command:
• Device# show wireless stats ap image-download

To view the method used to download the AP image, use the following command:

• Device# show ap upgrade method
• AP upgrade method HTTPS  Disabled

To view the port used for the AP image transfer, use the following command:

• Device# show ap file-transfer https summary
• Configured port:8443
• Operational port  443

!If different ports are shown under ‘Configured port’ and ‘Operations port’

• That customer’s Tom tTomportheiTomation has failed, and is continuing with the previous port.
• !The failure reason could be the input port, which is a well-known port and already in use.
• To view whether an AP supports image download over HTTPS, use the following command:
• Device# show ap name AP2800 config general | sec Upgrade
• AP Upgrade Out-Of-Band Capability: Enabled

To view the detailed output of Aan’s pre-image, use the following command:

• Device# show ap image
• Total number of APs: 2
• Number of APs
• Initiated : 0
• Downloading : 0
• Predownloading : 0
• Completed downloading  2
• Completed prpre-downloading0
• Not Supported : 0
• Failed to Predownload : 0
• Predownload in progress: No

!The ‘method’ column indicates the download method used by the AP.

FAQs

Q: Can I use Efficient Image Upgrade feature on all controller types?

A: No, it is not recommended to enable this feature on controllers running Cisco IOS XE Amsterdam 17.3.x when there are Cisco Catalyst 9124AX and Cisco Catalyst 9130AX APs in the same group.

Documents / Resources

CISCO Wireless LAN Controller Software [pdf] User Guide Wireless LAN Controller Software, LAN Controller Software, Controller Software, Software

References

• User Manual